Comments on: Get More Popcorn: New Video On Mint’s Financial Software Security http://www.mint.com/blog/updates/financial-software-security-mint-video/ The blog of the free, simple personal finance solution. Track all your spending automatically, find the best deals, save more money. And save the world. Fri, 19 Mar 2010 18:26:43 -0700 http://wordpress.org/?v=2.8.6 hourly 1 By: Handerson http://www.mint.com/blog/updates/financial-software-security-mint-video/comment-page-1/#comment-25199 Handerson Fri, 01 Aug 2008 17:03:12 +0000 http://blog.mint.com/blog/?p=305#comment-25199 I have been looking for some tool like Mint for a long long time and I really like the feature set, the application you guys are building is amazing. But the video doesn't talk about another potential security risk: Although Mint.com is read only, the application actually stores (I'm confident in encrypted form) my bank information, i.e. my user name, password, answers for challenge questions (like the name of my High School). If, and this is a huge IF, somebody has access to the database and is able to break the encryption he would be able to access my Internet Banking web site directly and from there do a bunch of stuff: Pay bills, transfer money, find my personal information, etc. The reality is that it can happen on Mint.com, BankOfBoston.com or any other financial institution that allows users do transactions through the internet. I would guess that at Mint, because is a new company and smaller, it has actually better procedures and technologies in place to prevent this kind of attacks. Regards, Handerson I have been looking for some tool like Mint for a long long time and I really like the feature set, the application you guys are building is amazing.

But the video doesn’t talk about another potential security risk: Although Mint.com is read only, the application actually stores (I’m confident in encrypted form) my bank information, i.e. my user name, password, answers for challenge questions (like the name of my High School).
If, and this is a huge IF, somebody has access to the database and is able to break the encryption he would be able to access my Internet Banking web site directly and from there do a bunch of stuff: Pay bills, transfer money, find my personal information, etc.

The reality is that it can happen on Mint.com, BankOfBoston.com or any other financial institution that allows users do transactions through the internet.
I would guess that at Mint, because is a new company and smaller, it has actually better procedures and technologies in place to prevent this kind of attacks.

Regards,
Handerson

]]> By: Donna http://www.mint.com/blog/updates/financial-software-security-mint-video/comment-page-1/#comment-25171 Donna Wed, 30 Jul 2008 04:57:02 +0000 http://blog.mint.com/blog/?p=305#comment-25171 Smap, I apologize for the delayed response from us in the forums. Due to high traffic volumes, we’re not responding as quickly as we want to to customer inquiries. We’re are adding capacity and technology to address this. I hope that our VP Product, Aaron Forth’s comments in the two threads you mention have answered your questions. I can add to his post that we’d all like to see the “net” spending graphs come sooner. We’ve prioritized adding mortgages, loans and investments ahead of that change because we’ve heard from more users that those adds were more important to them. Thanks for weighing in; don’t hesitate to contact me directly (or here) if other questions come up. Donna@Mint.com Smap,

I apologize for the delayed response from us in the forums. Due to high traffic volumes, we’re not responding as quickly as we want to to customer inquiries. We’re are adding capacity and technology to address this.

I hope that our VP Product, Aaron Forth’s comments in the two threads you mention have answered your questions. I can add to his post that we’d all like to see the “net” spending graphs come sooner. We’ve prioritized adding mortgages, loans and investments ahead of that change because we’ve heard from more users that those adds were more important to them. Thanks for weighing in; don’t hesitate to contact me directly (or here) if other questions come up.

Donna@Mint.com

]]> By: Smap http://www.mint.com/blog/updates/financial-software-security-mint-video/comment-page-1/#comment-25170 Smap Wed, 30 Jul 2008 04:54:27 +0000 http://blog.mint.com/blog/?p=305#comment-25170 It’s pretty hard to trust Mint when there are so many long-standing bugs that (as a programmer) I can fairly safely say would be on the minor end of the scale to fix. The hardest part to swallow is that if you follow the bug report threads in the Mint.com forums, the “support” often ends up in a black hole as if the support technician isn’t getting any answers as to why these things aren’t getting fixed. http://forums.mint.com/showthread.php?t=3567 http://forums.mint.com/showthread.php?p=6149#post6149 I hope Mint makes good on their promise as an application. The UI rocks for sure, but if the basics behind it (simple accounting) are broke it’s worthless. It’s pretty hard to trust Mint when there are so many long-standing bugs that (as a programmer) I can fairly safely say would be on the minor end of the scale to fix. The hardest part to swallow is that if you follow the bug report threads in the Mint.com forums, the “support” often ends up in a black hole as if the support technician isn’t getting any answers as to why these things aren’t getting fixed.

http://forums.mint.com/showthread.php?t=3567

http://forums.mint.com/showthread.php?p=6149#post6149

I hope Mint makes good on their promise as an application. The UI rocks for sure, but if the basics behind it (simple accounting) are broke it’s worthless.

]]>